Existing computer systems, regardless of whether they are autonomous or based on human-machine interfaces, typically receive or collect large volumes of user-generated data. These data include large volumes of user- and machine-generated logged records of transactional activity. Records of such nature may be monitored for potentially undesirable computing activities such as network-based attacks and/or host-based security breaches. Presently, collected log data and/or records of such nature (termed information security events) are typically stored away and subsequently used for forensic purposes following the occurrence of a security breach. Analysis of such nature is termed post-crime forensic data analytics.
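By way of illustration only, monitoring logged records for potentially undesirable activity might be sketched as follows. The log format, event names, and threshold here are assumptions introduced for the example, not part of the foregoing description.

```python
import re
from collections import Counter

# Hypothetical log record format (an assumption for illustration):
# "<timestamp> <source-ip> <event-type>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def flag_suspicious_sources(log_lines, threshold=3):
    """Count failed-login events per source address and flag sources
    meeting the threshold -- a toy stand-in for monitoring logged
    records for potentially undesirable computing activity."""
    failures = Counter()
    for line in log_lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # skip malformed records
        _, source_ip, event_type = match.groups()
        if event_type == "LOGIN_FAIL":
            failures[source_ip] += 1
    return {ip for ip, count in failures.items() if count >= threshold}

sample = [
    "2024-01-01T00:00:01 10.0.0.5 LOGIN_FAIL",
    "2024-01-01T00:00:02 10.0.0.5 LOGIN_FAIL",
    "2024-01-01T00:00:03 10.0.0.5 LOGIN_FAIL",
    "2024-01-01T00:00:04 10.0.0.9 LOGIN_OK",
]
print(flag_suspicious_sources(sample))  # -> {'10.0.0.5'}
```

In practice such rules would run over far larger and less structured event streams, which is precisely the scaling difficulty discussed next.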
In existing approaches known in the art, methods of carrying out post-crime forensic data analytics on enormous volumes of information security events are prohibitively expensive and time-consuming. This results in an inefficient way of discovering "after-the-fact" security breaches and greatly reduces the ability to discover trends that can be used to anticipate and predict future security threats. In mission-critical systems, the quantity of information security events may be of the order of petabytes per day. The sheer volume of information security events collected simply does not permit rapid discovery of, and response to, the ever-increasing information security threats. The vast and diverse attributes of the unstructured information security events collected also may not be decoded and analysed at high speed by post-crime forensic data analytics computer software. If forensic data analytics computer software is unable to handle data of such nature, a human operator performing forensic activity would have little chance of making sense of these data.